MIT researchers: US needs single agency to protect electric grid from cyberattacks

A single agency would be better able to strengthen cybersecurity, instead of the myriad federal, state, and local entities that are currently tasked with protecting parts of that grid, the researchers argued in their report on the future of the US electric grid.

“The current regulatory framework, largely established in the 1930s, is mismatched to today’s grid”, said Richard Schmalensee, one of the authors of the report. Today’s regulatory structure is “highly unlikely [to] give us the grid of the future – a grid that by 2030 will support a range of new technologies and consumer services that will be essential for a strong and competitive U.S. economy”, he added.

Increased data communications throughout the electric grid will introduce new cybersecurity risks and challenges, to both local and wide-scale grid systems, the report said.

Examples of cybersecurity risks include: loss of grid control resulting in disruption of electricity supply over a wide area can occur as a result of errors or tampering with data communication among control equipment and central offices; consumer-level problems ranging from incorrect billing to interruption in electric service can be introduced via smart meter tampering; commuting disruptions for electric vehicle operators can occur if recharging stations have been modified to incorrectly charge batteries; and data confidentiality breaches can provide information for identity theft, corporate espionage, physical security threats, and terrorist activities.

The report recommended that the Department of Homeland Security be designated as the lead agency to coordinate the cybersecurity activities of the various federal, state, and local agencies, as well as the private sector.

“Once a lead agency has been designated, it should take all necessary steps to ensure that it has appropriate expertise by working with relevant federal agencies, [the North American Electric Reliability Corporation], state [public utility commissions], public power authorities, and such expert organizations as the Institute of Electrical and Electronics Engineers and [the Electric Power Research Institute]”, the report concluded.